8286433: Cache certificates decoded from TLS session tickets

Reviewed-by: coffeys, xuelei
2025-08-28 07:14:30 +02:00 · 2022-05-12 06:48:38 +00:00 · 2022-05-12 06:48:38 +00:00 · 96d48f386b
commit 96d48f386b
parent 7567627f4a
2 changed files with 18 additions and 13 deletions
--- a/src/java.base/share/classes/sun/security/provider/X509Factory.java
+++ b/src/java.base/share/classes/sun/security/provider/X509Factory.java
@ -98,15 +98,7 @@ public class X509Factory extends CertificateFactorySpi {
        try {
            byte[] encoding = readOneBlock(is);
            if (encoding != null) {
-                X509CertImpl cert = getFromCache(certCache, encoding);
-                if (cert != null) {
-                    return cert;
-                }
-                cert = new X509CertImpl(encoding);
-                addToCache(certCache, cert.getEncodedInternal(), cert);
-                // record cert details if necessary
-                commitEvent(cert);
-                return cert;
+                return cachedGetX509Cert(encoding);
            } else {
                throw new IOException("Empty input");
            }
@ -116,6 +108,19 @@ public class X509Factory extends CertificateFactorySpi {
        }
    }

+    public static X509CertImpl cachedGetX509Cert(byte[] encoding)
+            throws CertificateException {
+        X509CertImpl cert = getFromCache(certCache, encoding);
+        if (cert != null) {
+            return cert;
+        }
+        cert = new X509CertImpl(encoding);
+        addToCache(certCache, cert.getEncodedInternal(), cert);
+        // record cert details if necessary
+        commitEvent(cert);
+        return cert;
+    }
+
    /**
     * Read from the stream until length bytes have been read or EOF has
     * been reached. Return the number of bytes actually read.
@ -768,7 +773,7 @@ public class X509Factory extends CertificateFactorySpi {
        return tag;
    }

-    private void commitEvent(X509CertImpl info) {
+    private static void commitEvent(X509CertImpl info) {
        X509CertificateEvent xce = new X509CertificateEvent();
        if (xce.shouldCommit() || EventHelper.isLoggingSecurity()) {
            PublicKey pKey = info.getPublicKey();
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
@ -24,7 +24,7 @@
 */
 package sun.security.ssl;

-import sun.security.x509.X509CertImpl;
+import sun.security.provider.X509Factory;

 import java.io.IOException;
 import java.math.BigInteger;
@ -459,7 +459,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
                b = new byte[buf.getInt()];
                buf.get(b);
                try {
-                    this.peerCerts[j] = new X509CertImpl(b);
+                    this.peerCerts[j] = X509Factory.cachedGetX509Cert(b);
                } catch (Exception e) {
                    throw new IOException(e);
                }
@ -480,7 +480,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
                    b = new byte[buf.getInt()];
                    buf.get(b);
                    try {
-                        this.localCerts[i] = new X509CertImpl(b);
+                        this.localCerts[i] = X509Factory.cachedGetX509Cert(b);
                    } catch (Exception e) {
                        throw new IOException(e);
                    }